git-ops action should allow specifying credentials for pushing the new tag/commit to main

[sevenseacat]

I think here - https://github.com/team-alembic/staple-actions/blob/main/actions/git-ops/action.yml#L98

Reason: If the main branch is protected, then the action can't push to it.

remote: error: GH006: Protected branch update failed for refs/heads/main.        
remote: error: You're not authorized to push to this branch. Visit https://docs.github.com/articles/about-protected-branches/ for more information.        
To https://github.com/<org>/<repo>
 * [new tag]         v0.91.0 -> v0.91.0
 ! [remote rejected] HEAD -> main (protected branch hook declined)

I think if we can use the release token instead, and allow an input for the username as well (that can default to {{github.actor}} then it should work?

[sevenseacat]

I've tried to test it out with the code here but it didn't work :(

[sevenseacat]

I think I've gotten it to work in my project's workflow by specifying a personal access token from a user that has permissions to push code, when checking out the code. eg.

    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
          token: ${{ secrets.ACCESS_TOKEN }}
      - uses: team-alembic/staple-actions/actions/git-ops@main
        with:
          mix-env: dev
          release-token: ${{ secrets.ACCESS_TOKEN }}

Taken from https://github.com/orgs/community/discussions/25305#discussioncomment-5582031

The only problem with doing this is that the build runs again, on the push from git-ops... but it shouldn't lead to an infinite loop because that build will only be for the chore commit, which won't make a new release?

Maybe this needs to be detailed in docs somewhere, if wanting to push to a protected branch?

[sevenseacat]

And could we skip the extra builds for the git-ops pushes if we put [skip CI] in the commit message or something similar?